dcsimg

WatchGuard Firebox UTM: Overview and Analysis

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

See our complete list of top UTM vendors
See user reviews of WatchGuard Firebox UTM

Key Takeaways

Gartner rates WatchGuard a well-executing visionary, not far from the market leaders. WatchGuard's Firebox UTM solutions provide enterprise-grade security, centralized management and performance at all price points. The company gets high marks from users for its free endpoint detection and response (EDR) capability, reporting and analysis features, ease of implementation and use, and performance. Public cloud capabilities and support have room for improvement.

Company Description

Founded in 1996, WatchGuard Technologies was the first company to offer an integrated hardware firewall appliance. It has since expanded to include secure Wi-Fi and network intelligence solutions. It is headquartered in Seattle, with offices throughout North America, Europe, Asia Pacific, and Latin America. It is privately owned.

Product Description

WatchGuard's Firebox UTM solutions provide enterprise-grade security without the cost or complexity of an enterprise-level product. They are centrally managed, provide performance at all price points and offer full network visibility. The company's UTM platform is the cornerstone product. But it also has stand-alone, cloud-managed, secure wireless access points, and it will soon offer a standalone multi-factor authentication (MFA) solution. All come together in WatchGuard Cloud.

"Unified Threat Management solutions have become platforms for SMBs to combine many different types of security workloads," said Corey Nachreiner, CTO at WatchGuard Technologies. "Today we find larger organizations and some mid-market and distributed enterprises moving to UTM due to their benefits and value."

As well as traditional UTM functions such as firewall, virtual private networking (VPN), antivirus, intrusion prevention system (IPS) and Web filtering, functions covered include application-layer inspection, deep packet inspection, email protection (anti-spam, attachment stripping, content inspection via SpamBlocker and an SMTP proxy), malicious URL/domain filtering, application control, malware detection/behavioral sandboxing, data loss prevention (DLP), HTTPS inspection, mobile security (via Fireclient) and threat detection and response (TDR).

Markets and Use Cases

The company focuses on delivering widely deployable security to small and medium businesses and distributed enterprises. It does not directly address the large enterprise or huge telco data centers. Key verticals include retail, hospitality and education for such functions as protecting an organization's network with a full security suite, secure VPNs between remote offices, and enforcing acceptable use policies.

Metrics

WatchGuard offers firewall throughput of up to 60 Gbps, VPN throughput of up to 10 Gbps, antivirus throughput of up to 12 Gbps, IPS throughput of up to 16 Gpbs, UTM throughput of up to 11 Gbps. Its products can handle up to 12.7 million concurrent connections and 240,000 new connections per second.

Intelligence

It incorporates a range of intelligence tools, including traditional signatures, aggregated threat data, appliance feedback loops to refresh black lists, behavioral-based malware detection, and machine learning for TDR scoring models. ThreatSync is one example. It is a cloud analytics engine that coordinates the different types of incidents or events detected by different services to help identify new threats.

Delivery

Firebox comes in a range of hardware appliances, plus a virtual version that runs in ESXi or Hyper-V. You can also find a public cloud version in the Amazon AWS marketplace. (An Azure version will be available soon.)

Agents

Agents are not required for many services, or any traditional UTM service. However, two services —TDR and mobile security — require a sensor or agent. TDR requires a small host sensor to collect endpoint security events to be correlated with network events. It currently runs on Windows and Linux, and the macOS version will be released soon. Users can deploy the Windows sensor via Active Directory and group policy or other software distribution tools. Those using the mobile security feature will need to install an iOS or Android agent.

Pricing

Pricing varies per model and based on the services purchased. But generally, prices start at $290 for the lowest-end table top unit.

Submit a Comment

Loading Comments...